Tornado Cash


Tornado Cash is an Ethereum (ETH) mixer protocol that is used to improve transaction privacy by obscuring the on-chain link between the source and recipient of ether. Tornado Cash utilizes smart contracts that accept deposits made in ETH that are then withdrawn to other addresses. Since the withdrawal is made from the project’s smart contract liquidity pools, there is no way of knowing who the original sender is.

Tornado Cash generates a secret hash each time a user deposits assets. Its smart contracts then accept the deposit along with the hash, called a commitment. The commitment’s purpose is to identify the real sender and prove during the withdrawal process that the user in question owns the assets. By inputting the hash when making the withdrawal request, the user essentially confirms his identity while remaining anonymous on-chain to everyone else.
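The deposit-and-withdraw flow described above can be modelled in a few lines. This is an added example, not Tornado Cash's own code: ToyPool, make_note, the SHA-256 hash, the nullifier used to block a second withdrawal, and the 0.1 ETH denomination are all assumptions made for illustration. The toy pool sees the note at withdrawal, whereas the real protocol replaces that step with a zero-knowledge proof so the matching deposit is not revealed.

```python
import hashlib
import secrets

DENOMINATION_WEI = 10**17  # assumed fixed deposit size (0.1 ETH), illustration only


def make_note():
    """User side: create the private note and the public commitment."""
    nullifier, secret = secrets.token_bytes(31), secrets.token_bytes(31)
    commitment = hashlib.sha256(nullifier + secret).hexdigest()
    return (nullifier, secret), commitment


class ToyPool:
    """Hypothetical stand-in for the pool contract; not Tornado Cash code."""

    def __init__(self):
        self.commitments = set()  # published at deposit time
        self.spent = set()        # tags of notes that were already withdrawn
        self.balances = {}        # recipient -> wei paid out

    def deposit(self, commitment, amount):
        # Equal-sized deposits keep the amount from linking sender and recipient.
        if amount != DENOMINATION_WEI:
            raise ValueError("deposit must equal the pool denomination")
        if commitment in self.commitments:
            raise ValueError("commitment already used")
        self.commitments.add(commitment)

    def withdraw(self, note, recipient):
        nullifier, secret = note
        # Only someone holding the note can recompute a stored commitment.
        if hashlib.sha256(nullifier + secret).hexdigest() not in self.commitments:
            raise PermissionError("note does not match any deposit")
        spent_tag = hashlib.sha256(nullifier).hexdigest()
        if spent_tag in self.spent:
            raise PermissionError("note already withdrawn")
        self.spent.add(spent_tag)
        self.balances[recipient] = self.balances.get(recipient, 0) + DENOMINATION_WEI
        return DENOMINATION_WEI
```

The pool never records a sender address, so the only tie between a deposit and a withdrawal is the note itself, which is why losing or sharing it means losing the funds.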

Anonymity Implications of Cryptocurrencies

Greater anonymity in cryptocurrency payments became a priority when the FBI recovered Bitcoins from the Colonial Pipeline hackers. Before that, it was theoretically possible but unproven that the public blockchain in Bitcoin could be traced to individuals. With Colonial, it was proven possible. Since then, hackers have been migrating to cryptocurrencies that use a private blockchain rather than a public one, such as Monero coin and now Tornado Cash. These cryptocurrencies provide the necessary anonymity to hide the identities of the users of the currency. This bodes well for privacy and badly for law enforcement.

Tips for Cryptocurrency Users

While you’re likely not laundering cryptocurrency through Tornado Cash systems, you should be aware of the various threats that cryptocurrency investors face:

  • Don’t put all your crypto coins in hot wallets. When you entrust your savings or your wage payments to a bank, you are doing so with years of regulatory scrutiny and protection to back you up. In the unregulated cryptocurrency world, you are largely on your own if something goes wrong. Don’t keep more than you can afford to lose in a hot wallet.
  • Don’t expect to keep a secret such as a Bitcoin password or ATM PIN if you tell it to other people. As Benjamin Franklin is supposed to have said, “Three people can keep a secret if two of them are dead.” Remember: If in doubt, don’t give it out.

Additional Cybersecurity Recommendations

Additionally, these recommendations below will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO services.

  1. Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
  2. Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
  3. Test employees with practice phishing attacks. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
  4. Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
  5. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc.) or prohibiting their use entirely.
  6. If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
  7. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

All of these recommendations are built into CyberHoot the product or CyberHoot’s vCISO Services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.
